Your HP Wireless mouse can be Spoofed; Be careful

By our estimation, this means a mouse could let a RAT onto your computer.

If you are a user of an HP Inc wireless mouse/keyboard combo and the cursor starts behaving badly, that means someone might be trying to prank you.

This is because the wireless mouse in the ERK-321A bundle is not encrypted: anyone can sniff the signals from it, learn its protocol and commands, and then inject their own signal to perform a spoofing attack.

The German pentesters Syss have reported the bug to the HP Inc in March, since they got no response, they choose to go public yesterday.

They have used a Logitech USB radio dongle, the research firmware from Bastille and custom software to create their own proof-of-concept.

With this, if a user’s workstation is unlocked, the pentesters can send “a list of the mouse actions that start the virtual on-screen keyboard of the operating system and then execute arbitrary commands in the context of the currently logged-in user, for instance, download and execute an attack vector.”

If the attacker can have a look at the victim’s screen by some way, it is easy, but the notice says that a bit of extra heuristic smarts can run an attack even without having to look at the screen: with heuristics.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

Related

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]